An Empirical Analysis on the Usability and Security of Passwords

Cited by: 7
Authors
Walia, Kanwardeep Singh [1]
Shenoy, Shweta [2]
Cheng, Yuan [1]
Affiliations
[1] Calif State Univ Sacramento, Dept Comp Sci, Sacramento, CA 95819 USA
[2] KLA Corp, Milpitas, CA USA
Source
2020 IEEE 21ST INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION FOR DATA SCIENCE (IRI 2020) | 2020
Keywords
authentication; passwords; phonemes; usability; security;
DOI
10.1109/IRI49571.2020.00009
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the user-generated passwords are secure. Moreover, we convert the user-generated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.
Pages: 1 / 8
Page count: 8
Related papers
50 in total
[31]   On the Security and Usability of Dual Credential Authentication in UK Online Banking [J].
Just, Mike ;
Aspinall, David .
2012 INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS, 2012, :259-264
[32]   Mechanisms for increasing the usability of grid security [J].
Beckles, B ;
Welch, V ;
Basney, J .
INTERNATIONAL JOURNAL OF HUMAN-COMPUTER STUDIES, 2005, 63 (1-2) :74-101
[33]   Dissecting the Security and Usability Alignment in the Industry [J].
Naqvi, Bilal .
HUMAN-CENTERED SOFTWARE ENGINEERING (HCSE 2022), 2022, 13482 :57-69
[34]   Effectiveness of image-based mnemonic techniques for enhancing the memorability and security of user-generated passwords [J].
Nelson, Deborah ;
Vu, Kim-Phuong L. .
COMPUTERS IN HUMAN BEHAVIOR, 2010, 26 (04) :705-715
[35]   The Security-Usability Tradeoff Myth [J].
Sasse, M. Angela ;
Smith, Matthew .
IEEE SECURITY & PRIVACY, 2016, 14 (05) :11-13
[36]   Usability and security in online authentication systems [J].
Allafi, Randa ;
Darem, Abdulbasit A. .
INTERNATIONAL JOURNAL OF ADVANCED AND APPLIED SCIENCES, 2025, 12 (06) :1-12
[37]   Usability of IT-Security in Smart Grids [J].
Patil, Amit Dilip ;
De Meer, Hermann .
E-ENERGY'18: PROCEEDINGS OF THE 9TH ACM INTERNATIONAL CONFERENCE ON FUTURE ENERGY SYSTEMS, 2018, :393-395
[38]   Analysis of interoperability, security and usability of digital repositories in Kenyan Institutions of Higher Learning [J].
Masinde J.M. ;
Sanya O. .
Data and Information Management, 2022, 6 (04)
[39]   Authentication System for Websites with Paid Content: An Overview of Security and Usability Issues [J].
Hurkala, Adam ;
Hurkala, Jaroslaw .
INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2013, 13 (07) :42-49
[40]   Usability and Security Analysis of the Compare-and-Confirm Method in Mobile Push-Based Two-Factor Authentication [J].
Jubur, Mohammed ;
Saxena, Nitesh ;
Reegu, Faheem A. .
IEEE TRANSACTIONS ON MOBILE COMPUTING, 2025, 24 (06) :4623-4638